North Korea launders $1.6B in crypto for weapons funding

The Multilateral Sanctions Monitoring Team (MSMT) reported that North Korea’s elite cyber unit laundered around $1.65 billion in cryptocurrency between January and September. The illicit funds were reportedly used to support the country’s illegal development of weapons of mass destruction (WMD) and ballistic missile programs.

The monitoring team noted that the total included $1.4 billion stolen from the crypto exchange Bybit in February, as well as $1.2 billion obtained through other illicit cryptocurrency activities in 2024.

North Korea uses IT workers to launder funds

North Korea has found ways to circumvent UN sanctions, including using cryptocurrency to trade raw materials and military weapons. The country has also deployed numerous IT workers abroad to launder funds and generate income for Pyongyang, according to a report by an international sanctions monitoring group.

This revelation has prompted analysts to conduct research, which showed that North Korea has intensified its cyber activities in recent years under the leadership of Kim Jong Un. According to their discovery, hacking has become a primary method applied for them to earn foreign currency amid severe measures put in place due to their nuclear and weapons initiatives.

They also realized that officials in the country used stablecoins for transactions related to purchasing military equipment and raw materials, such as copper, which is essential for the production of weapons.

To further evade UN sanctions, North Korea sent its IT workers to at least eight different nations, including China, which had the highest number of workers, as well as Russia, Laos, Cambodia, Equatorial Guinea, Guinea, Nigeria, and Tanzania. 

Additionally, since the UN sanctions restrict individuals from earning funds outside their country, the MSMT revealed the country’s intention to send 40,000 laborers to Russia, including several groups of IT workers. 

Meanwhile, North Korea has received strong backing from Russia after providing weapons and sending many of its soldiers to assist Moscow’s troops in the battle against Ukraine. 

North Korea’s intensified cyber activities spark security concerns 

The MSMT discussed a 2024 report from 38 North, an analysis program operated by the Stimson Centre think tank. The report highlighted that North Korean IT workers, who concealed their nationalities, acquired contracts for animation projects managed by Japanese and US companies like Amazon and HBO Max. 

When reports requested that Amazon comment on the claims, a spokesperson from the tech giant alleged that the company had never directly hired these workers. 

“We previously collaborated with an animation studio that employed subcontractors allegedly involved in this situation. However, those individuals were not Amazon employees and did not have access to our internal systems,” the spokesperson stated. 

HBO did not reply to a request for comments from a reporter. In the meantime, the report also pointed out that, apart from Amazon and HBO Max, North Korean animators have also worked with firms such as the state-run animation studio in Pyongyang, SEK. This company is well-known for assisting with Western projects, including the 2007 film The Simpsons Movie. 

Additionally, Seoul’s intelligence agency reported last year that North Korean agents posing as recruiters used LinkedIn to target victims with job offers. To achieve this, they asked South Koreans who worked at defense firms for information on their technologies.

Launched last October, the MSMT monitors and reports violations of UN Security Council sanctions on North Korea. However, it operates independently from the UN, with its members including: the UK, Canada, Italy, South Korea, the Netherlands, the US, Australia, New Zealand, Japan, France, and Germany.

Sharpen your strategy with mentorship + daily ideas - 30 days free access to our trading program